Embedded Risk Manager
<p><strong>Onsite from Day 1</strong></p> <p><strong>Business Unit Description: </strong></p> <p>The Information Technology group delivers secure, reliable technology solutions that enable the client to be the trusted infrastructure of the global capital markets. The team delivers high-quality information through activities that include development of essential applications, building infrastructure capabilities to meet client needs and implementing data standards and governance.</p> <p><br /> <strong>Department Description:</strong><br /> Enterprise Product & Platform Engineering<br /> Enterprise Production Assurance<br /> IT Resiliency & Data Center</p> <p><strong>Position Summary:</strong></p> <p>The Embedded Risk Manager (ERM) is responsible for assisting stakeholders with the identification and timely remediation of risk. She/he is a top-level contributor who acts independently with minimal direction. The ERM's ability to form strong relationships and communicate with a breadth and variety of management resources is critical. 
Attention to detail and strong time management skills are also required.</p> <p><strong>Specific Responsibilities</strong>:<br /> Follow the Client processes and methodologies for risk management<br /> Learn to effectively use the tools required for risk management at the client, such as the Policy and Document Management System (PDMS), Archer, and MetricStream</p> <p><br /> <strong>Comply with existing risk and control commitments and requirements</strong><br /> • Liaison between and across the cost centers composing Enterprise Production Assurance (EPA) and IT Resiliency and Data Center (ITR&DC) and the following control functions:<br /> • Internal Audit Department<br /> • Technical Risk Management<br /> • Operational Risk Management<br /> • Regulators / Regulatory Relations<br /> • IT Risk Community of Excellence<br /> • Management Control Testing<br /> • Drive successful and timely completion of commitments and requirements<br /> • Issues and Actions<br /> • TRM network and app pen test findings, FOSS findings<br /> • Risk acceptances and policy deviations<br /> • PDMS Policy and Procedures document reviews<br /> • Additional artifacts as identified<br /> • Assist with articulating issues and remediation plans, drive timely submissions to control functions<br /> • Assist EPA and ITR&DC teams in tracking audit deliverables and facilitating management's timely response to requests<br /> • Track audit actions against defined delivery dates and assist with development of retarget plans as necessary</p> <p><br /> <strong>Protect stakeholders by identifying control adherence/design effectiveness gaps as first line of defense</strong><br /> • Conduct proactive Control Environment Reviews (CER) to identify Management Self-Identified Issues (MSIs), policy deviations and risk acceptances to mitigate future control function findings<br /> • Update Process, Risk & Control (PRC) framework proactively<br /> • Review Key Performance Indicator (KPI) maker/checker 
compliance<br /> • Work closely with management and stakeholders to accurately report status of audit, compliance, and regulatory actions<br /> • Collaborate effectively with the Risk Management Center of Excellence to drive the teams' timely response to TRM, ORM, external Audits, and regulatory requests</p> <p><br /> <strong>Enable strategic improvement of IT control environment</strong><br /> • Provide guidance and become the central point of contact between stakeholders and control functions<br /> • Integrate risk management into each team's continuous improvement processes, roadmaps, and strategies<br /> • Drive/facilitate the Client Risk Mindset and Risk and Control continuous improvement</p> <p><br /> <strong>Knowledge and Skills Required:</strong><br /> • Proven knowledge of technical infrastructure, networks, databases and systems and how they affect an organization's cybersecurity risk<br /> • Proven knowledge of security methodologies, policies, standards and best practices<br /> • Proven knowledge of information technology systems, infrastructure and operations<br /> • Ability to explain and articulate technical concepts using both technical and non-technical language<br /> • Critical thinking and analytical skills<br /> • Excellent presentation skills (MS PowerPoint)<br /> • Ability to manipulate data in a spreadsheet (MS Excel)<br /> • Ability to work collaboratively by building consensus and influencing decision making to foster forward progress with projects and initiatives<br /> • Strong oral and written communication skills<br /> • Excellent organizational skills, coupled with ability to be versatile and flexible<br /> • Sound business judgment and the ability to work successfully with all levels of management<br /> • Excellent grammar and style skills; ability to adapt writing style for different audiences and media</p> <p><strong>Education, Training and Certification:</strong></p> <p>Bachelor's degree preferred</p> <p>CISSP/CISM/CRISC 
certification preferred</p>